Cyber Incident Victim: Artech Information Systems
Date: Sep 2020
Location: United States of America
Summary
Artech Information Systems, a major US IT staffing firm, suffered a ransomware attack by the REvil (Sodinokibi) group that compromised sensitive personal and financial data, including Social Security numbers, medical records, payment card details, and government identification documents. The company delayed public disclosure for approximately nine months despite the threat actors advertising stolen data early in the incident, leaving affected individuals unaware of potential risks until notifications were issued long after the breach occurred.
Description
Artech Information Systems, a major US IT staffing company with approximately 10,500 employees and consultants across 40 US states, Canada, India, and China, experienced a ransomware attack in early January 2020. The incident, attributed to the REvil (Sodinokibi) threat actor group, compromised company systems and resulted in data exfiltration. REvil publicly listed Artech on their data leak site in January 2020, signaling both the attack's occurrence and the threat of potential data disclosure. At the time of the initial attack disclosure by the threat actors, media outlet BleepingComputer attempted to contact Artech for verification but received no response to multiple inquiries. The compromised data included highly sensitive personal information such as names, Social Security numbers, medical records, health insurance details, financial data, payment card information, driver's license/state identification numbers, government-issued IDs, passport numbers, visa numbers, digital signatures, and account credentials. Artech, a privately held firm with estimated annual revenue of $810 million for 2019, did not publicly acknowledge the incident during the initial months following the attack.

The company concluded its internal investigation by the end of June 2020 but delayed notifying affected individuals until early September 2020, creating a nine-month period during which compromised individuals remained unaware of their exposure to potential identity theft and fraud. This notification delay occurred despite the sensitive nature of the exfiltrated data and the confirmed risk to individuals' personal information. The incident raised questions about victim disclosure practices, as the breach became publicly known primarily through the ransomware group's leak site and subsequent media coverage rather than through timely organizational transparency. BleepingComputer's editorial decision to withhold publication about the attack for nine months—from January discovery to September notification—sparked debate about media responsibility in balancing public awareness against potential risks of amplifying threat actor leverage. The breach impacted individuals across Artech's international operations, though the exact number of affected parties remained unspecified in available disclosures. No information was provided regarding whether Artech paid a ransom or implemented specific containment measures during the investigation period.
